diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md
index 6cf8eb9e39..01d6494379 100644
--- a/docs/organizations/managing-security-and-risk.md
+++ b/docs/organizations/managing-security-and-risk.md
@@ -26,7 +26,7 @@ Each panel shows the total count of matching items and contains a **Review** but
When viewing the dashboard, you can:
- Limit the total counts in each panel to a specific set of severities or repositories by clicking the **Severity** or **Repository** drop-downs above the main area.
-- Export a list of items as a CSV file by clicking the **Export CSV** button in the top right-hand corner of the page. The exported list always includes all items, ignoring any applied filters.
+
- Review the [severity assignment rules](#item-severities-and-deadlines) by clicking the **See rules** button in the top right-hand corner of the page.
![Security and risk management dashboard](images/security-risk-management-dashboard.png)
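Review bot: The lone `+` line that replaces the removed export bullet puts a blank line between the **Severity**/**Repository** bullet and the **See rules** bullet, which can change how the list renders and leaves the dashboard section with no mention of export at all. Suggest replacing the blank line with a short bullet that links to the new "Exporting the security item list" section, so readers of the dashboard section can still find the feature.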
@@ -40,12 +40,19 @@ To access the item list, access the [dashboard](#dashboard) and click the **Revi
When viewing the item list, you can:
- Update the filtering criteria by clicking the **Severity**, **Status**, or **Repository** drop-downs above the list.
+
- Find out more about an item by clicking its **Details** column to navigate to the item of interest on the source platform.
-- Export a list of items as a CSV file by clicking the **Export CSV** button in the top right-hand corner of the page. The exported list always includes all items, ignoring any applied filters.
+
- Review the [severity assignment rules](#item-severities-and-deadlines) by clicking the **See rules** button in the top right-hand corner of the page.
![Security and risk management items](images/security-risk-management-item-list.png)
+## Exporting the security item list
+
+!!! info "This feature is available only to organization admins and organization managers"
+
+To export a list of security items as a CSV file, click the **Export CSV** button in the top right-hand corner of the page. The exported list always includes all items, ignoring any applied filters.
+
## How Codacy manages security items {: id="opening-and-closing-items"}
!!! important
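Review bot: In the new "Exporting the security item list" section, "in the top right-hand corner of the page" no longer says which page, because the sentence was lifted out of the dashboard and item list bullets where the context made it clear. Name the pages explicitly (the export bullet was removed from both the dashboard and the item list), and drop the two blank `+` lines added between the "When viewing the item list" bullets. The new heading also has no explicit id, unlike the `{: id="opening-and-closing-items"}` heading right after it; add one if other pages need a stable anchor.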
diff --git a/docs/organizations/roles-and-permissions-for-organizations.md b/docs/organizations/roles-and-permissions-for-organizations.md
index c435e82b60..4f4f238f74 100644
--- a/docs/organizations/roles-and-permissions-for-organizations.md
+++ b/docs/organizations/roles-and-permissions-for-organizations.md
@@ -64,6 +64,15 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
Yes |
Yes |
+
+ Access Security and risk management |
+ No |
+ Yes3 |
+ Yes3 |
+ Yes3 |
+ Yes |
+ Yes |
+
Ignore issues and files, configure code patterns and file extensions, manage branches, reanalyze branches and pull requests |
No |
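Review bot: The followed-repositories restriction behind the Yes3 cells in this new row is documented only in footnote 3 of this file; none of the hunks shown for managing-security-and-risk.md mention it. That page now says the CSV export "always includes all items" and is limited to organization admins and managers, so add a sentence there stating that other members see only security items from repositories they follow. Otherwise the two pages give different pictures of who sees what.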
@@ -96,7 +105,7 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
No |
No |
No |
- Yes3 |
+ Yes4 |
Inherits original permission |
Yes |
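Review bot: Changing this cell from Yes3 to Yes4 is only safe if every other use of the old footnote 3 in the GitHub table is renumbered too, and this is the only cell the patch touches. Any remaining cell that still carries 3 would now point at the followed-repositories note instead of the GitHub App access requirement. Please confirm this was the only reference, or add the new note as 4 and leave the existing numbering alone.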
@@ -118,15 +127,6 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
Yes |
Yes |
-
- Access Security and risk management |
- No |
- No |
- No |
- No |
- Yes |
- Yes |
-
Invite and accept members, modify billing |
No |
@@ -150,7 +150,8 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
1: Outside collaborators aren't supported as members of organizations on Codacy. You can still [add outside collaborators to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
2: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
-3: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
+3: These users can only see security items originating from Codacy repositories that they follow.
+4: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
## Permissions for GitLab
@@ -199,6 +200,15 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
Yes |
Yes |
+
+ Access Security and risk management |
+ No |
+ Yes3 |
+ Yes3 |
+ Yes3 |
+ Yes |
+ Yes |
+
Ignore issues and files, configure code patterns and file extensions, manage branches, reanalyze branches and pull requests |
No |
@@ -253,15 +263,6 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
Yes |
Yes |
-
- Access Security and risk management |
- No |
- No |
- No |
- No |
- Yes |
- Yes |
-
Invite and accept members, modify billing |
No |
@@ -284,7 +285,8 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
1: External users aren't supported as members of organizations on Codacy. You can still [add external users to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
-2: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
+2: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
+3: These users can only see security items originating from Codacy repositories that they follow.
## Permissions for Bitbucket
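Review bot: The removed and re-added footnote 2 lines read identically, so the change is presumably whitespace only (trailing spaces to force a line break before the new footnote 3); the Bitbucket footnotes hunk does the same. Trailing-space line breaks are invisible in review and easy to lose to editor auto-trim. Consider separating the footnotes with a blank line or an explicit `<br>` instead.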
@@ -319,6 +321,12 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
Yes |
Yes |
+
+ Access Security and risk management |
+ Yes3 |
+ Yes |
+ Yes |
+
Ignore issues and files, configure code patterns and file extensions, manage branches, reanalyze branches and pull requests |
Configurable |
@@ -355,12 +363,6 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
Yes |
Yes |
-
- Access Security and risk management |
- No |
- Yes |
- Yes |
-
Invite and accept members, modify billing |
No |
@@ -377,7 +379,8 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
1: Codacy can't distinguish the Bitbucket roles Read and Write because of a limitation on the Bitbucket API.
-2: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
+2: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
+3: These users can only see security items originating from Codacy repositories that they follow.
## The organization manager role